|
Posted by Neil on October 12, 2008, 12:20 pm
Please log in for more thread options
>
>>
>>>
>>>> Hi Folks,
>>>>
>>>> Just came across this in server access log. Can anybody tell me
>>>> what's likely to be going on with this.
>>>
>>> MS SQL injection attempt:
>>> http://www.f-secure.com/weblog/archives/00001427.html
>>>
>>> Get the IP address from the log, type it after:
>>>
>>> http://www.spamcop.net/sc?track=
>>>
>>> and email the address(es) returned by spamcop. If you're lucky you just
>>> killed a zombie.
>>>
>> John - thanks for that, but it's not entirely clear to me.
>> What exactly do you mean by 'email the address(es)' - where to?
>
> The attempt is done from an IP address, if you glue the address after the
> URL above, you most likely get one or more email addresses (abuse@....).
> Copy the line(s) from your access log, and email them to those addresses
> with the request to: Remove the infected computer, which is being used for
> SQL injections, from their network.
>
> Most of the time this is done within a short time, and you might help
> others that way.
>
Right I've got you. Well I'm kicking myself. I never recorded the IP number
at the time. I did a lookup on it at the time and it was USA somewhere, but
didn't make a note of it. I've found out today that the access log isn't
archived (it is now) so there's no way I can trace it. I'll know better the
next time though.
Thanks for the info guys.
Neil
| 
XML Sitemap